Linux Kernel Programming

Synopsis

Understand the inner workings of the Linux Kernel and its various subsystems, from an architectural perspective, as well as through driver writing. The course explains the components, and focuses on them using a sample device driver coded and expanded by the students. The students will become familiar with the Linux source code of the latest kernels (3.14 at the time of writing), with thorough review of the sources, as well as detailed discussions of the various features introduced in each minor Kernel version.

Target Audience

Device Driver developers, Security professionals interested in malware and rootkits, and/or anyone interested in obtaining deeper insights into the workings of the Linux Kernel

Prerequisites

Objectives

Describe the functions and architecture of the Linux Kernel
Create a fully functional character device driver
Explain the various Kernel subsystems, including the task scheduler, and virtual memory manager
Explain, interface with and hook Kernel system calls

Exercises

This course allocates plenty of time for hands-on practice.
The hands-on exercises include:

Creating a full fledged Linux character driver
Manipulating Kernel structures like process control blocks (task_struct), event notification chains and others

Modules

1.	Introduction
	4 hours

Introduction to the Linux architecture. We discuss the design and implementation of the Linux Kernel and its various subsystems, at a modular "black box" level, without going into the source code level (yet).

Linux Kernel features
Version differences - 2.6 through 3.14
User-Mode and Kernel-Mode Architecture
The Linux Task Scheduler (thread manager)
The Linux I/O Schedulers:
- Elevator/NoOp
- DeadLine
- Anticipatory
- Complete Fair Queueing (CFQ)
Devices in Linux

2.	Kernel Related Commands
	1 hours

A discussion of the various user-mode tools available for Kernel-related debugging tasks, including:

The /proc filesystem
The /sys filesystem
dmesg
strace and ltrace
The ModUtils (lsmod, insmod, modprobe/depmod, rmmod..

3.	The Kernel Sources
	1 hours

The Linux Kernel comes in the form of a mammoth tarball of gigantic (>250MB) proportions. In this module, we discuss how to navigate the sources using the Linux Cross Reference (LXR) tools, as well as how to compile and cross-compile the kernel.

The Kernel source
Navigating the source tree
Compiling the Kernel

Day 2

4.	The Kernel Boot Process
	3 hours

The best way to get to know the kernel sources is to follow the Kernel boot, step by step. In this module, we do exactly that, starting with the boot loader, onward to the Kernel startup, and finally the user mode phase of init.

The PC Boot process - BIOS and EFI
The Boot Loader
- GRUB
- EFI
The Kernel boot phase
Init and user mode startup

5.	Kernel Survival Guide
	4 hours

Basic issues with Kernel programming, the do's and do-not's of Kernel programming

Kernel Modules
Portability issues across architectures
Linked Lists in the Kernel
Synchronization primitives
- Atomic operations
- Spinlocks
- R/W Locks
- Sempahores
- Completions
Kernel notification chains
printk
The /Proc Filesystem
The seq_file interface

Day 3

6.	Kernel subsystems
	4 hours

An in-depth discussion of two of the most important subsystems in the Kernel - System calls, and the Task Scheduler.

System Calls - In depth:
- System call modes - Interrupt gates vs. SYSENTER/SYSCALL
- Adding system calls to the Kernel
- Calling system calls from Kernel Mode
- System call tracing using API
Processes and threads - in depth
Creating processes - the clone() system call
Maintaining processes/threads - the task_list
The Process/Thread control block - struct task_struct
Processor run queues and migration
Priorities & scheduling

7.	Creating a basic device driver
	2 hours

Creating a basic character device driver, including:

System calls from the driver's perspective
Device Major & Minor numbers
register_chrdev
udevd and hotplug
Interfacing with sysfs (/sys directory)

Day 4

8.	Advanced Topics
	4 hours

Focusing on the Kernel time-keeping mechanisms and virtual memory management, we discuss:

The Kernel internal timer - Jiffies
Tickless Kernels
Timer objects
Delays
- Wait Queues
- mdelay/udelay/ndelay
Virtual Memory
The Kernel memory map
Virtual Memory:
- kmalloc/kfree
- The Slab allocator
- The cache allocator
- The buddy allocator

9.	Driver, Interrupted
	3 hours

Developing a device driver and writing in Kernel mode introduces an often overlooked aspect of programming - Interrupt handling. Interrupts, generated by devicet often the most inopportune and unpredictable times, are an issue to be reckoned with, and involve considerable programming constraints.

IRQs and interrupts
Requesting an interrupt (request_irq)
Interrupt handlers and entropy
Bottom Halves:
- Tasklets
- SoftIRQs
- work queues

Day 5

10.	Kernel Network Architecture
	2 hours

An introduction to the Kernel Network architecture, focusing on network devices (=interfaces), with a brief overview of the TCP/IP Stack at the socket level.
(Note: This introductory module serves only as a basic overview - The Kernel networking subsystems are discussed in far more detail in their own dedicated course - Linux Networking).

Linux interfaces
struct net_dev
Building a simple Ethernet interface
inet_proto and layer IV protocols
Hooking TCP/IP socket operations
NetFilter/IPTables - briefly

11.	Linux Kernel Security
	2 hours

A detailed discussion of the Linux Kernel security features, including:

The Linux Capabilities model
Linux Security Modules (LSM) and SELinux
Kernel buffer overflow protection - ExecShield and randomization

Home

Training

Consulting

Products (NEW)

Contact Us